rgw: Corrected code for ARNs for entities that have a path. 21379/head
authorPritha Srivastava <prsrivas@redhat.com>
Thu, 28 Jun 2018 05:55:21 +0000 (11:25 +0530)
committerPritha Srivastava <prsrivas@redhat.com>
Mon, 2 Jul 2018 10:12:07 +0000 (15:42 +0530)
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
src/rgw/rgw_iam_policy.cc
src/rgw/rgw_iam_policy.h
src/rgw/rgw_rest_role.cc

index ada2c1f969f3ba258073135753ee6cdf72f42f51..8641d110917469fa103bba1f5223104d2007f198 100644 (file)
@@ -208,13 +208,14 @@ ARN::ARN(const rgw_bucket& b, const string& o)
   resource.append(o);
 }
 
-ARN::ARN(const string& resource_name, const string& type, const string& tenant)
+ARN::ARN(const string& resource_name, const string& type, const string& tenant, bool has_path)
   : partition(Partition::aws),
     service(Service::iam),
     region(),
     account(tenant),
     resource(type) {
-  resource.push_back('/');
+  if (! has_path)
+    resource.push_back('/');
   resource.append(resource_name);
 }
 
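Review bot: With `has_path` set, the constructor appends `resource_name` straight after `type` and does not check that it begins with '/', so a name without a leading slash would produce a resource such as `rolename` instead of `role/name`. This ARN is the resource that rgw_rest_role.cc hands to `verify_user_permission`, so a malformed value would presumably match neither Allow nor Deny statements written against `role/...`. Deciding from the string itself removes the dependency on every caller getting the flag right: `if (resource_name.empty() || resource_name.front() != '/') resource.push_back('/');`. If the flag is kept, a short comment stating the leading-slash precondition belongs on the `if`.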
index 38e2726a23417420a0a6c1f779d8e32831cfda80..b7fe5599635c84ebfb36689dbf1e6631583a7774 100644 (file)
@@ -242,7 +242,7 @@ struct ARN {
   ARN(const rgw_obj& o);
   ARN(const rgw_bucket& b);
   ARN(const rgw_bucket& b, const std::string& o);
-  ARN(const string& resource_name, const string& type, const string& tenant);
+  ARN(const string& resource_name, const string& type, const string& tenant, bool has_path=false);
 
   static boost::optional<ARN> parse(const std::string& s,
                                    bool wildcard = false);
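Review bot: The new `has_path` parameter on the four-argument constructor is undocumented, and a defaulted `bool` tells a reader of the header nothing about what the caller must guarantee. I would add above the declaration `// has_path: resource_name already begins with '/' (path followed by name); no '/' is inserted after type.` The definition in rgw_iam_policy.cc appears to rely on exactly that precondition, so it should be stated where callers will see it. The struct body starts and continues outside this hunk.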
index 6867e0a0f65cc5f010c35f27a79d7ec91acdb354..4b11af695a468e3b2d0c193ebaf5bc5003775c2d 100644 (file)
@@ -42,7 +42,7 @@ int RGWRestRole::verify_permission()
   if (!verify_user_permission(s,
                               rgw::IAM::ARN(resource_name,
                                             "role",
-                                             s->user->user_id.tenant),
+                                             s->user->user_id.tenant, true),
                                              op)) {
     return -EACCES;
   }
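Review bot: The bare `true` passed as the fourth argument here, and again in the `RGWCreateRole::verify_permission` and `RGWGetRole::_verify_permission` hunks below, does not say what it means at the call site; `s->user->user_id.tenant, /* has_path */ true),` would make the intent readable. The code that builds `resource_name` is outside all three hunks, so it cannot be confirmed from here that the string always starts with '/', which is what the constructor needs to produce a well-formed role ARN for the policy check. A one-line comment next to where `resource_name` is assembled, stating that it is path plus role name with a leading slash, would let a reviewer verify that in one place.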
@@ -88,7 +88,7 @@ int RGWCreateRole::verify_permission()
   if (!verify_user_permission(s,
                               rgw::IAM::ARN(resource_name,
                                             "role",
-                                             s->user->user_id.tenant),
+                                             s->user->user_id.tenant, true),
                                              get_op())) {
     return -EACCES;
   }
@@ -179,7 +179,7 @@ int RGWGetRole::_verify_permission(const RGWRole& role)
   if (!verify_user_permission(s,
                               rgw::IAM::ARN(resource_name,
                                             "role",
-                                             s->user->user_id.tenant),
+                                             s->user->user_id.tenant, true),
                                              get_op())) {
     return -EACCES;
   }